Pentaho: userid and password arguments in direct links to plugins

1
votes

Integrated Pentaho (v5.1.0 in Linux) with Compiere ERP (v.3.81 in Windows )

Try to Pass Userid and Password in URL . requestParameterProcessingFilter (api & Plugin ) Updated in the file system/applicationContext-spring-security.xml

Method 1:

testserver:8080/pentaho/api/repos/%home%admin%31.prpt/viewer?userid=admin&password=password

Always Prompting arguments the userid and password with a HTTP login box in all Browser

Method 2:

admin:password@testserver:8080/pentaho/api/repos/%home%admin%31.prpt/viewer

Working Fine in Chrome , Prompting login box at first launch and asking confirmation box (Access from other PC) , Link dosnt work in Internet Explorer

could anyone please help me to resolve this problem.

2
pentaho

2 Answers

0
votes

There is some security changes between version 4.8 and 5.0 (and 5.1):

Method 1:

According to this bug-report you shuld change applicationContext-spring-security.xml like you did in next way:

/api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,requestParameterProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
      /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,requestParameterProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS

Important: Restart BA Server!

Method 2:

Internet Explorer doesn't like ftp-like connecting parameters. Here I found how to bypass it, it worked to me, but I lost 20min to properly change the URL.

: as %3A

? as %3F

** as **%5C

% as %25

# as %23

/ as %2F

0
votes

You have to modify: /pentaho-solutions/system/applicationContext-spring-security.xml

<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /api/repos/**/parameter=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS        
        /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor]]>
      </value>
    </property>
  </bean>